On 29 Oct 2016 19:37, Pádraig Brady wrote: > On 09/10/16 21:28, Mike Hodson wrote: > > At the risk of going somewhat offtopic of this list, however, as this > > is the one point of continual reference I have to the Blake2 hash in > > common use (I am always interested in learning the new features of > > Coreutils and have been a list reader for years now) I must pose the > > question: > > > > Due to md5's easy collision faults, when will the md5 algorithm be > > -removed- from coreutils / other security implementations, to prevent > > this sort of well-intentioned badness? When will "md5sum" spit out a > > string "DO NOT USE THIS ANYMORE" instead of actually working as > > historically was the case? > > We warn about md5 inadequacies in the info page: > http://www.gnu.org/software/coreutils/md5sum > and in the bugs section of the man page: > http://man7.org/linux/man-pages/man1/md5sum.1.html#BUGS > > I'm not sure it's worth going further at present.
nor should we. md5's can be used in places where protection against malicious inputs isn't relevant, and you have backwards compat with existing tools. you could make the same argument for cksum. -mike
signature.asc
Description: Digital signature
